{
  "threat_severity" : "Low",
  "public_date" : "2019-01-25T00:00:00Z",
  "bugzilla" : {
    "description" : "libpng: use-after-free in png_image_free in png.c",
    "id" : "1672409",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1672409"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.", "A vulnerability was found in libpng where a use-after-free issue exists in the png_image_free function within png.c. This vulnerability can be exploited by persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause a denial of service." ],
  "statement" : "In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is potentially a risk in browser or browser-like contexts.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-05-23T00:00:00Z",
    "advisory" : "RHSA-2019:1267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "firefox-0:60.7.0-1.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2019-06-03T00:00:00Z",
    "advisory" : "RHSA-2019:1310",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "thunderbird-0:60.7.0-1.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2019-08-15T00:00:00Z",
    "advisory" : "RHSA-2019:2494",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6 Supplementary",
    "release_date" : "2019-09-03T00:00:00Z",
    "advisory" : "RHSA-2019:2592",
    "cpe" : "cpe:/a:redhat:rhel_extras:6",
    "package" : "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-05-23T00:00:00Z",
    "advisory" : "RHSA-2019:1265",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "firefox-0:60.7.0-1.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-06-03T00:00:00Z",
    "advisory" : "RHSA-2019:1309",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "thunderbird-0:60.7.0-1.el7_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2019-08-15T00:00:00Z",
    "advisory" : "RHSA-2019:2495",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.7.1-ibm-1:1.7.1.4.50-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Supplementary",
    "release_date" : "2019-09-02T00:00:00Z",
    "advisory" : "RHSA-2019:2585",
    "cpe" : "cpe:/a:redhat:rhel_extras:7",
    "package" : "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-05-23T00:00:00Z",
    "advisory" : "RHSA-2019:1269",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "firefox-0:60.7.0-1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-06-03T00:00:00Z",
    "advisory" : "RHSA-2019:1308",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "thunderbird-0:60.7.0-1.el8_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2019-09-02T00:00:00Z",
    "advisory" : "RHSA-2019:2590",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::supplementary",
    "package" : "java-1.8.0-ibm-1:1.8.0.5.40-3.el8_0"
  }, {
    "product_name" : "Red Hat Satellite 5.8",
    "release_date" : "2019-09-11T00:00:00Z",
    "advisory" : "RHSA-2019:2737",
    "cpe" : "cpe:/a:redhat:network_satellite:5.8::el6",
    "package" : "java-1.8.0-ibm-1:1.8.0.5.40-1jpp.1.el6_10"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libpng12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libpng12",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "mingw-libpng",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-7317\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-7317" ],
  "name" : "CVE-2019-7317",
  "csaw" : false
}